Apple, Facebook, Microsoft, and Twitter compromised for industrial espionage

A number of multinational companies, including Apple, Facebook, and Twitter, have been compromised by a group suspected of industrial espionage. Recent reports by Symantec and Kaspersky Lab exposed the hacking collectives as a powerful group that has compromised the billion-dollar companies since 2011. Symantec suspects the highly trained hackers may be independent “hackers for hire”, interested in more than credit card information or customer databases. Instead, they suspect the threat actor is focused on high level corporate information they can profit from, such as insider trading information. Symantec reported that 49 different organizations around the globe had been attacked; Kaspersky noted the variety of different companies ranged from healthcare to Bitcoin-related companies, as well as legal companies involved in acquisition deals. Neither security group was able to determine the origin of the attacks, but warned organizations that the threat is still active and should be taken seriously.

Google clarifies statements about link building being harmful

A year after Google published an extensive post about unnatural links, it shared an additional post on the Google Webmaster Blog to help identify unnatural links and clarify the potential consequences of their use. Buying links in order to distort page rank has been known to be against Google policy, but the post drew a lot of attention when it instructed webmasters not to “buy, sell, exchange or ask for links.” Google has since clarified its stance on the link issue, specifying that you cannot “buy, sell or ask for links that may violate [Google] linking webmaster guidelines.” The wording in the post support Google’s John Mueller’s advice to avoid link building because “only focusing on links is probably going to cause more problems for your website than it actually helps.”

U.S. group petitions for expansion of Right to Be Forgotten rules

Consumer Watchdog, a U.S consumer rights organization, has petitioned the U.S. Federal Trade Commission to enact “Right to Be Forgotten” rules for Google searches. The ruling of the European Court of Justice requires Google to de-list search results tied to a person’s name if the information is inaccurate or outdated. In the complaint, Consumer WatchDog’s Privacy Project director, John Simpson, urged the commission to investigate and take action. “Google’s refusal to consider such requests in the United States is both unfair and deceptive, violating Section 5 of the Federal Trade Commission Act,” Simpson stated. The extent of the ruling has been highly scrutinized over the past year, prompting France to give Google a 15 day timeframe to begin delisting links across the board before facing sanctions. Nearly a week ago, Russian Parliament approved a similar “Right to Be Forgotten” law, allowing for broader removals than the European law. The Russian version of this law has been criticized for being too broad, however, because it would allow people to simply object to content in general and ask for the links to be removed from search engines. Yandex, Russia’s largest search engine says that “the private interest and the public interest should exist in balance.”

OpenSSL patch addresses “high severity” vulnerability

An OpenSSL vulnerability has prompted action by the project team. The July 9th release addresses a single “high severity” security defect that was introduced with OpenSSL versions 1.0.2d and 1.0.1p. OpenSSL “high severity” flaws typically include risks including denial-of-service attacks, server memory leak, and remote code execution. Experts advise users to patch as soon as possible, as the release of the information can mean attackers can use the vulnerability to their advantage.